Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-12100

Delete button on component and asset is active even without permission to do so

    XMLWordPrintable

    Details

      Description

      On a component or asset page in a Maven repository, the "Delete" button is enable even if I have only "nx-repository-view-maven2-myrepo-browse" privilege.

      Clicking the button and confirming the deletion leads to a org.apache.shiro.authz.AuthorizationException, but ideally the button should be disabled to make permissions checks easier.

      Acceptance

      • Make the error message user friendly.
        • (The permissions might have changed since the control rendered.)
      • Drive the button's state depending on the permissions.
        • Since 'delete (single) component' is atomic, we should enable the button only if the transaction will go through.
        • Ensure there's a tool tip to explain why it's disabled.

        Attachments

          Activity

            People

            Assignee:
            mmartz Michael Martz
            Reporter:
            glucazeau Guillaume Lucazeau
            Last Updated By:
            Michael Martz
            Team:
            NXRM - Tron
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title